There are multiple ways in which an entity may penetrate or attack a company's computer system. One common method employed by malicious hackers to gain such access is the protocol manipulation attack. The common end result of a protocol manipulation attack is that an ongoing communication session is stolen by a malicious user, and the malicious user acts as if he were the original user. This is commonly referred to as session theft.

Although the protocols used by many systems contain encryption features or tools that may defeat a protocol manipulation attack resulting in session theft, managers and/or users of these systems typically do not employ the available encryption tools. For example, managers and/or users of a given system often assume that the encryption feature is activated when in fact it is not. Similarly, the owner of the system and the corresponding protocol might charge its clients to use the corresponding encryption tool, and those clients simply choose to forgo paying the extra money for the use of the encryption tool. Moreover, the system may lack an encryption tool, so that the user is required to purchase an encryption tool from a third party, but fails to do so. All these situations result in many purchasers of software systems failing to employ an encryption tool or security feature, and thus the system is vulnerable to protocol manipulation and session theft.

There are various ways a party can attempt to assess its compliance with security policies and determine the corresponding system's vulnerabilities. For example, a consultant can question a corporation's information officer to determine what measures that corporation has in place to safeguard its computerized information. Additionally or alternatively, the corporation can employ automated tools to perform the assessment.